Review of Signature-based Techniques in Antivirus Products

Existing antivirus products employ diverse types of techniques to detect malware or any suspicious activities. The majority of such techniques rely on signature-based detection algorithms. However, the speed of such detection algorithms may adversely impact the performance of the antivirus products (e.g., if used for online virus scanning). In this paper, we review existing research that proposed fast and efficient signature-based algorithms to dynamically improve the time and accuracy of virus detection. We classify and discuss the different algorithms according to the type of analysis they perform (i.e., static, dynamic or hybrid). In addition, we evaluate existing virus detection algorithms using different design issues and performance criteria, namely (a) memory cost, (b) time complexity, and (c) detection rates. In addition, we discuss how certain design choices of signature-based approaches can only apply to specific virus detection circumstances. Finally, we present the current research challenges of using signature-based algorithms for investigating cybercrime activities.